Overview

overview

10

Static

static

1

Client-built.exe.bat

windows10-ltsc 2021-x64

10

Client-built.exe.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.exe.bat

  • Size

    4.2MB

  • Sample

    241125-3qpn5asnfv

  • MD5

    e8f9b123f6368338546d660e983af6b0

  • SHA1

    d622ddcfbba5060244816540768925563a7c66c3

  • SHA256

    4a664bab85afe1b3d5013278ba99280506c1eb42bac4e7b23bcc932eda627c8b

  • SHA512

    6ad576a2dd1e73b2eb18c240bd4ac824850e431d800fc2d8c520f6a2b1ea8d50d01c008bcab5cb1cc5189f120fd331870fa25925a2994a8c1e84e265492e9f5c

  • SSDEEP

    49152:eDzoesdQ9TpsKmiB/J73/gnGKmTi5wU50WU:Q

Score
10/10
quasarfrexecutionspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

fr

C2

kdotisbetterfr.airdns.org:61875

Mutex

de3f242e-9b27-4bcc-b108-2b89973fa679

Attributes
  • encryption_key

    A9E1D2CBD6699561DDC6C38CE5B7E79D283DC83E

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe.bat

    • Size

      4.2MB

    • MD5

      e8f9b123f6368338546d660e983af6b0

    • SHA1

      d622ddcfbba5060244816540768925563a7c66c3

    • SHA256

      4a664bab85afe1b3d5013278ba99280506c1eb42bac4e7b23bcc932eda627c8b

    • SHA512

      6ad576a2dd1e73b2eb18c240bd4ac824850e431d800fc2d8c520f6a2b1ea8d50d01c008bcab5cb1cc5189f120fd331870fa25925a2994a8c1e84e265492e9f5c

    • SSDEEP

      49152:eDzoesdQ9TpsKmiB/J73/gnGKmTi5wU50WU:Q

    Score
    10/10
    quasarfrexecutionspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks